Device and method for a secure execution of a program

Abstract

A device and method for a secure execution of a program. The program includes a sequence of program commands including use and checking commands. A checking value is generated according to a setup regulation when executing a checking command. A control value is generated according to the setup regulation and the checking value is compared to the control value. An insecure execution of the program is indicated when the checking value and the control value do not match.

Description

CROSS-REFERENCE TO RELATED APPLICATION[0001]This application is a continuation of copending International Application No. PCT / EP04 / 009498, filed Aug. 25, 2004, which designated the United States and was not published in English, and is incorporated herein by reference in its entirety.BACKGROUND OF THE INVENTION[0002]1. Field of the Invention[0003]The present invention relates to a device and a method for a secure execution of a program and, in particular, to a device and a method for executing a program having checking commands enabling a control of the program execution.[0004]2. Description of Related Art[0005]Chip cards have a wide continuously extending spectrum of use. Frequently, they contain trusted information. Examples are payment and credit cards, insurance cards or access control cards. The area of use and the acceptances of such chip cards substantially depend on their security features. The trusted data contained on the chip cards have to be protected from being read out...

AI Technical Summary

Benefits of technology

The solution provides flexible, cost-effective, and robust protection against invasive attacks by frequently interrupting critical program sections with checking commands, minimizing silicon area consumption and simplifying certification processes, while ensuring secure execution paths and preventing side entries.

Problems solved by technology

In order to skip the authentication process or another process, the course of the program execution is interfered with by the attacker by invasive attacks.

One possible invasive attack is the provision of an interference pulse to a voltage supply of a chip card.

This has the consequence that a program command counter of the chip card controller is changed in an unspecified way not planned by the designer.

For example, program initializations or program results are needed in later program sections and an incorrect presence of such values would lead to a program breakdown.

Such dependencies have the disadvantage, however, that they are not equally distributed across a program course.

However, such dependencies as a protection of a program course are not supported by the conventional programs for generating a software.

This makes program changes difficult, as the dependencies between individual program parts which are necessary as a protection have to be manually inserted and checked.

Such a solution is not flexible enough, however, to adapt to different time periods of the initialization course, and offers no protection against changes in the control course during the setup procedure.

A further disadvantage is that a monitoring solution based on a temporal monitoring may hardly be checked during the manufacturing test of a device.

A further disadvantage is that the timer of the monitoring circuit is not necessarily resistant enough in order to not be influenced by the interference pulse as well.

The main problem of such an approach is that the sensor has to be set exactly to the limiting values of the operating conditions.

Both the setting of the sensor and the exact characterizing of the circuit are very time consuming and costly.

This approach requires a high expense regarding both software and hardware, as the sequence data may conventionally not automatically be established and integrated into the code blocks and as a second processor is required on which the secured code blocks are executed.

The checking commands inserted into the program course cause virtually costs with regard to the program size and the performance of the software.

Images